Topic: Some questions about Cold wallet (Read 308 times)

This diabolization of the word 'trust' is overblown in my opinion. The people who do it, act as if their whole life, or at least their whole Bitcoin setup was trustless, yet they trust the hardware, the OS, ....
Since I often notice that even very technical people here can't (read or write) code, I am certain they haven't verified the Linux kernel they're running or the software they use or tested it for bugs and security vulnerabilities.

But my point is: they don't have to. It's totally normal to have a certain level of trust in the systems, the code and the cryptography & maths you use on a daily basis. It's not good to try to hide the fact you trust something; instead it should be encouraged to talk about and discuss how much trust you're willing to give to a certain part of your system. To think about trust / time & effort tradeoffs, and maybe even about how to quantify trust.

But ignoring it, or even censoring it, is not the way to go, in my opinion. It will result in people being uncomfortable to admit they use a mobile wallet for daily usage and could lead to a newbie running around with his life savings on his hardware wallet when going on a jog to the grocery store because someone online made it seem like any coins deposited into a hot wallet will be immediately stolen.

I thought you used asterisk, because "trust" is taken as a bad word in here. 

In the past I found a page that described pretty much the same as I did, and they also focused on the word "trust" and replacing that with "tr*st". I really like this text, but I cannot find it again (also because that star character is a special one and search engines cannot handle it well).

I'm highlighting the latter to be more persuasive about the former. There are specific, common attack vectors, which can be mitigated in a human manner, and an endless list of uncommon, such that even if they happen, you're likely affected one way or another.

For example, if, say, it was found that all Windows OS's had a vulnerability which weakens the RNG (or whatever), it can harm everybody - including you who're not using Windows - because of the market upheaval.

I don't know, I might be wrong.

It's just that you're usually not so concerned in other things in life, which are much more likely to happen, but you're going to exaggerate it with the cold storage. Don't know, again, but I feel it's purposeless.

I think he's trying to say that at a certain point you don't really need to continue 'focusing on different attack vectors', since the ones that remain are so unlikely that you'll be better of enjoying your free time instead of continuing to pursue the goal of the perfectly secure Bitcoin storage.. At least this is my interpretation and I'd agree in a way. At a certain point you just want to sleep in peace and stop worrying about every last possible way of how someone could steal your coins that you might have missed.

I don't follow the point you are trying to make. First you say to focus on the attack which is more probable, then you highlight uncommon but "not impossible" attack vectors.

I'm saying that yes, absolutely focus on the attack vectors which are more likely first, but if you have protected yourself as much as you can against common attack vectors, then it is only logical to start considering uncommon ones. All these attacks are possible, and the risk they pose to each individual user will depend on your threat model and the steps you have already taken to mitigate against. The list of vulnerabilities or potential attack vectors against you, ranked by likelihood, is not universal nor static. Perhaps the most likely way for you to lose your coins is by someone finding your seed phrase, which is written on a post-it note and stuck on your monitor. It absolutely makes sense for you to focus on this issue first. But since my coins are in a passphrased wallet with the seed phrase and passphrase stored encrypted and in two separate safes in two separate cities (for example), then this attack vector is much further down my list, and so it makes sense for me to focus on different attack vectors.

But, there are always less common attack vectors. The more you dive in, the less common they are. For example, if you don't verify Electrum neither you download it from the original page, it might be compromised. If you download the installer from electrum.org, the necessary public keys, the signature and you verify the binaries, you should be okay. Still, there are uncommon attack vectors such as:

• Github or any other key server is compromised at the same time electrum.org is.
• The OS.
• The attacker might have found a cryptographic backdoor.

They're highly unlikely to happen, but they're not impossible.

But, same as your personal safety; as is possible.

USB pendrive is good for a offline wallet but this doesn't make it a hardware wallet, there are risks using a USB pen drive too, they get damaged on their own if you keep it for a very long time, and files you copied on the USB pen drive might get corrupted too, I very used to USB drives that's how I know all this, they mostly fuck up as time goes by.

Yes of course, but such reasoning shouldn't be used to justify ignoring less common attack vectors. There is no reason we can't focus on both your examples and mitigate against both your examples. And after taking all the steps required for me to be as assured of my personal safety as is possible, then it is only logical to turn my attention to other possibilities.

It's far more likely for my seed phrase backs up to be stolen because I am $5 wrench attacked than because someone finds my back ups, but that doesn't mean I should just write my seed phrases in big letters on my wall and only focus on my personal security.

The discussion impinges the well known xkcd comic about "crypto nerds".


"Don't trust, verify!" is a fundamentally good idea, but moderately. Did you verify your software? Good. Your OS? Good. The firmware? Nice. The math? Respectable. Have you verified everything? No. Why? Because you can't know everything.

But, the point here isn't philosophical. We're working on a project wherein trust has to be minimized and verification is essential, necessary and merited. I've come to the following conclusion about this question:

From a paranoid's point of view, and due to the fact that we don't know everything, it cannot be answered with an argumentative proposition, but with another question: What do you think it's more probable to happen? Will my OS behave so maliciously, that I'll have every kind of key replaced by another, every entropy generated altered, every cryptographic function from every software changed etc., or will I simply get robbed/blackmailed? Because in both cases, it's clear that I'm a direct target.

If you've verified the open-source software's and OS's binaries, perhaps even your RNG and firmware, and still get robbed there has to be some sort of doomsday sign out there. What can have gone so wrong?

I don't think there's a simple technical solution to this other than avoiding to catch a virus.

Of course, the party could for instance send you part of the address via SMS to a burner phone and another part of it via Signal on your main smartphone for example. They could also call you and read it out; intercepting and changing the words someone says over the telephone will be almost impossible compared to hacking a messaging app and changing the text shown on screen.

You could even go as far as using the blockchain itself, for example the recipient could deposit a certain number of coins into this address (like 0.123456789 BTC) that they tell you over a secure or hard to hack channel (such as telephone) and you can verify with your Core node, phone, and various PCs on block explorer websites that this address holds that balance.

Just some ideas that don't sound very paranoid if you were to really transfer millions of USD to someone.

Good points. So, next question - how do you mitigate against that? Asking the other party to encrypt their address with your PGP key (for example) doesn't help, since your evil OS could still replace the address displayed to you as soon as you decrypt their message. Homomorphic encryption doesn't help, since your malicious OS could still feed malicious data to your encrypted wallet. An airgapped wallet doesn't help, since the malicious OS on your watch only wallet can still feed you an incorrect addresses. Your OS could even feed you fake hashes, checksums, or other verification methods. Further, how do we know the other person doesn't have a malicious OS which is changing the address they send on their end?

Do you simply have to ask the other party to confirm their address over multiple means of communication?

This sums it up pretty well; for instance, a live Linux OS on a USB stick could theoretically be attackable from compromised hardware or even the USB controller IC inside of the USB thumb drive could run malicious code. I'm confident that almost nobody has ever verified the firmware running on the microprocessor of the USB drive that their Linux Live distro runs on. That's just one concrete example of where 'don't trust, verify' gets harder and harder to perform. You'll always hit a 'brick wall' where you can't verify everything.

I don't understand what's the deal with you 'self-censoring' the word 'trust', though?

Exactly. You have to define, what is "trusted" and what is not, you have to know your "security model", let's say. You have to "tr*st" something. For example, you cannot fully validate your hardware. Your eyes cannot read text on CDs, you cannot "switch them to 700nm and read some zeros and ones" in the same way as you can read some text written on paper. So, because of physics, you have to "tr*st" your hardware. Also, if you are not a programmer, but just some user, then you have to "tr*st" your software. And then, if you are not a cryptography expert, then you have to "tr*st" maths behind all of that. And if you are not an operating system developer, then you have to choose some system and "tr*st" that. For example, if your system is compromised and filled with malware, then that sender's address can be replaced by the attacker's address.

So, to sum up, Bitcoin is superior to other systems (like fiat), because you always can explore it and get some knowledge. You can ask questions and look for answers. It is not a system, where you have some dollars with some serial numbers and you have no idea, why you have those numbers and not something else. Here, everything is public, and you can always know more, but there will be always a way to attack you, so you have to define your "level of tr*st" to separate parts where you know enough to check it, from parts where you know nothing and have to "tr*st", until you will learn that.

Cold wallet is offline wallet that is not directly connected to internet, it can be as old paper wallet or seed words generated with dices and written on piece of paper.
You can use some encrypted USB sticks for storing seed words or private keys, but this is not really a wallet you can use for daily transactions, and all data can be formatted easy and keys will be lost forever, so this should not be your only copy.

Yes you can recover coins from your hardware wallet BUT only if you stored backup safely, and if you checked if they are actually working and written correctly, including passphrases.
It's better to know derivate path for hardware wallet in case they are using something custom.
If you lose or break old hardware wallet, importing keys in new device should recover everything, if done correctly.

Well, when sending BTC, a very compromised (can this actually be quantified? LOL) OS could modify the recipient's address shown on screen to point to an attacker's address. Then it would proceed to also intercept the address sent to the hardware wallet (no difference if USB or QR codes are used..) and the hardware wallet will sign the transaction. It will also show the 'right' address on screen (attacker address matching with modified address on computer screen).
That's the best attack against hardware wallets I can think of today. It's not my idea; I read about it here on the forum when someone tried to argue the benefits of airgap in HW wallets.

That's what I'd use, too, but I agree; this thread went very technical, on a very basic beginner question. While an interesting read for me, I believe OP should stick to a 'normal' out-of-the-box hardware wallet.

Unless he's about to store life-changing amounts of money, in which case he should take the time to learn more about cold storage and fully understand it before putting huge sums of money into it.

I did quick research and looks like there's almost no application of virtual machine which use Homomorphic encryption. Implementation for VirtualBox (which is most user-friendly virtualization software) only exist on academic research[1]. IBM also release FHE implementation for 3 different linux distro, but it's rarely updated only available on Docker[2]. It means you're limited to CLI-based Bitcoin wallet, unless you're able to setup X11/Wayland server.

[1] https://research.ijcaonline.org/volume100/number1/pxc3897999.pdf
[2] https://github.com/ibm/fhe-toolkit-linux

Agree with pooya - it looks like a very interesting application, but in the absence of any existing implementation for a bitcoin wallet, then it is far beyond the scope of the vast majority of users to implement.

Can you elaborate? A large part of the reason behind hardware wallets is that they can protect you against an evil OS or an OS filled with malware. With a good hardware wallet, an OS cannot access your private keys, and any transaction it feeds your hardware wallet will be displayed on the screen and have an opportunity for you to double check it and reject it if it is malicious.

---

If I wanted a USB wallet then I would use Tails with encrypted persistent storage storing an Electrum wallet, and only boot to that USB using a permanently airgapped device. But if you are asking the question "Is a USB a hardware wallet?", then you probably don't have the technical knowledge required to do this safely and not expose your private keys in the process, and a hardware wallet would be a better choice.

Interesting concept but it looks to me like a hard thing to implement by a regular user and more importantly there may still be ways to leak security-sensitive information if not done correctly or a vulnerability is found.

On the other hand installing OS, encrypting (setting a password), etc. are things that users may have already performed in the past and are not new concepts. That makes the whole process that much easier.
This would also be stand-alone OS running without networking or access to disks which sounds more secure to me than an OS that runs inside another running OS (VirtualBox) that may have vulnerabilities.

I believe if homomorphic encryption will be used, then it even could do something like that. Because if the currently running operating system is evil, then no hardware wallet can protect you. So, that means you could store a VirtualBox image or something like that, and run it from your USB disk. You can use VirtualBox, unlock your image with some key, and then run it. There is no need to decrypt everything to run it, that's how homomorphic encryption works.

That is wrong.
A USB disk can not function like a hardware wallet that you connect it to your PC and sign transactions but it also doesn't have to only be a dumb storage. You can create your own advanced setup where you can safely sign transactions too. One way would be to install a Linux OS on the USB disk, encrypt the home folder, disable certain options that would allow access, disable network, etc. install Electrum, boot the OS and easily sign transactions offline in a very secure environment.

get yourself familiar, u can use a pen drive or or another operating system like linux installed on the same machine.

install electrum and see how it works, and once you get familiar, you can go ahead and buy a hardware wallet, it just helps you sleep safely at night is all.

as for your second question, as long as the seed is safe and not compromised, any coins held in the cold/hardware wallet are easily recoverable.

As an offline wallet? Sure. As a hardware wallet? No.

You can set up a wallet on an airgapped computer and then save a copy of that wallet on a USB drive. As long as you only ever connect that USB drive to airgapped computers, then it remains permanently offline. This is not a hardware wallet though. Hardware wallets are specifically designed to be resistant to both electronic and physical attacks, whereas a plain USB drive is highly susceptible to both. While a hardware wallet can be stolen, connected to an online computer, or connected to a computer filled with malware, without loss of your coins, a USB drive in any of these scenarios could very easily lead to loss of your coins.

Most hardware wallets will use seed phrases, which will let you recover all your wallets. Some also support encrypted digital back ups, such as on to an SD card.

---

I think the subtext of your question here is if you can avoiding paying for a hardware wallet and instead come up with your USB drive based system to save some money. The short answer is no. You will almost certainly come up with something far inferior and leave yourself open to attack vectors you haven't considered. You can set up airgapped and encrypted cold storage, and a USB drive could be part of that, but it is not for the newbie and requires a degree of technical knowledge and competence.

Read this: https://medium.com/mycrypto/the-difference-between-a-hardware-wallet-and-a-usb-drive-c50523d24e02

If the hardware is broken and cannot function, then you can recover your funds from a computer or from another hardware wallet using the seed phrase. If you neither know what a seed phrase is, read this: https://en.bitcoin.it/wiki/Seed_phrase

Actually, I've never used a cold wallet, so that I want to know that can a USB Pendrive be used as an offline wallet or hardware wallet?
My other question is since I have never used a hardware wallet, that's why I want to know is it possible to recover a hardware wallet if it is lost or broken, or damaged?
I hope I will get good answer from this community